Key not used during SSH handshake #51

Closed
webpolis opened this issue Mar 3, 2017 · 26 comments · Fixed by #100

Comments

@webpolis

webpolis commented Mar 3, 2017

I have my key_path set and properly mounted, but it seems it's not even used during SSH handshake:

2017/03/03 14:45:08 staging.xxxxxx.com: outputs: 
2017/03/03 14:45:08 drone-ssh error:  ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain

This is what the pipeline looks like:

  ssh:
    image: appleboy/drone-ssh
    when:
      branch: [staging, production]
    host: ${DRONE_BRANCH}.xxxxxx.com
    port: 9999
    user: root
    key_path: /root/${DRONE_BRANCH}.key
    script:
      - echo "yay"

And my docker-compose.yml:

  drone-server:
    container_name: xxxxxxx-ci
    image: drone/drone:0.5
    volumes:
      - /var/lib/drone:/var/lib/drone
    restart: always
    env_file: drone.env
  drone-agent:
    image: drone/drone:0.5
    command: agent
    restart: always
    depends_on: [ drone-server ]
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /root/staging.key:/root/staging.key
    env_file: drone.env

Of course, the .key file is present:

-rw-r--r--  1 root root      3326 Mar  1 12:57 staging.key

@PeterCat12

I seem to be experiencing this issue as well..

@xenji

xenji commented Mar 5, 2017

I would set the file permissions 0600 and give that a try. openssh is strict about the key security. If that still does not work, I would also assume a bug.

@appleboy
Owner

appleboy commented Mar 5, 2017

Please set file permission as 400.

@appleboy
Owner

@webpolis Any updates?

@fredix

fredix commented Jun 6, 2017

hi @appleboy ,
I have the same issue, my pipeline is

ssh:
    image: appleboy/drone-ssh
    host: 192.168.254.1
    port: 22
    username: drone
    key_path: /root/drone.key
    #secrets: [ssh_username, ssh_key]
    script:
      - "docker service update --image fredix/hugo hugo"
    when:
      status: success

my yml for docker swarm is

  drone-agent:
    image: drone/drone:0.7.1
    restart: always
    env_file: .env.production-agent
    command: agent
    depends_on:
      - drone-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /sync/drone/agent/drone.key:/root/drone.key
    deploy:
      placement:
        constraints:
          - node.labels.location == home

permission is set to 400

ls -al /sync/drone/agent/drone.key 
-r--------. 1 root root 3243  6 juin  01:45 /sync/drone/agent/drone.key

@appleboy
Owner

appleboy commented Jun 7, 2017

@fredix I will try your config.

@pranay-91

Is there any update on this issue??

@dev-drprasad

Hi @appleboy , I have the same issue, any updates ??

@appleboy
Owner

@dev-drprasad Could you help try to add ssh key using drone secret?

@chrisliuqq

Dear all,
I tried all the methods from this issue, but the problem still exists;
no matter whether I use the secrets in drone or key_path, the problem occurs.

BUT, I solved the problem only by upgrading the drone from 0.7 to 0.8.
I have no idea why, if someone is still facing the problem, maybe give it a try.

@appleboy
Owner

@chrisliuqq It is working on drone versions 0.5, 0.6, 0.7 and 0.8 with secrets in drone. Maybe I should try it out the key_path way.

@PeterCat12

This was a while ago, but I believe I experienced this issue whilst trying to mount an ssh key to my drone server's ~/.ssh directory (which is a big no-no). I would recommend creating a brand new drone container, making sure you aren't mounting anything funky to the drone server, and then adding the key via secrets as @appleboy suggests.

@appleboy
Owner

Please enable the trusted mode in project setting if you want to load secret key from key_path. See the following screenshot.

screen shot 2017-09-28 at 10 32 30 pm

@harryxu

harryxu commented Oct 15, 2017

I have enabled the Trusted option in Project Settings, but it is still not working with key_path.

But I found a solution: mount the private key into the plugin's container instead of the drone agent.

pipeline:

pipeline:
  ssh:
    image: appleboy/drone-ssh
    host: xxxxx.com
    username: deploy
    volumes:
      - /root/drone_rsa:/root/ssh/drone_rsa
    key_path: /root/ssh/drone_rsa
    script:
      - echo "test ssh"

That works!

Of course, enabling Trusted mode is required.
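
A pre-flight check for the advice given in this thread (restrictive key permissions, and the key actually being present in the container that reads key_path), as an added example that is not part of the original thread or the drone-ssh project. The helper name check_key and the sample file names are hypothetical, and the key content is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the drone-ssh project). check_key is a hypothetical
# helper: run it inside the container that reads key_path. It prints one
# status word and returns non-zero unless the key file looks usable.
check_key() {
    key=$1
    if [ ! -e "$key" ]; then
        echo "missing"      # volume mounted into another container, or wrong path
        return 1
    fi
    if [ -d "$key" ]; then
        echo "directory"    # docker -v creates a directory when the host path is absent
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group/other permission bits.
    # -L follows symlinks so the target's mode is what gets checked.
    if [ "$(ls -ldL -- "$key" | cut -c5-10)" != "------" ]; then
        echo "too-open"     # e.g. 0644; 0600 or 0400 pass
        return 1
    fi
    # Heuristic: PEM and OpenSSH private keys both start with this armor line.
    if ! head -n 1 -- "$key" | grep -q '^-----BEGIN .*PRIVATE KEY-----'; then
        echo "not-a-private-key"
        return 1
    fi
    echo "ok"
}

# Constructed sample: a placeholder file with key armor, not a real key.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-placeholder' \
    '-----END OPENSSH PRIVATE KEY-----' > "$demo_dir/staging.key"

chmod 644 "$demo_dir/staging.key"
echo "0644: $(check_key "$demo_dir/staging.key")"
chmod 600 "$demo_dir/staging.key"
echo "0600: $(check_key "$demo_dir/staging.key")"
echo "absent: $(check_key "$demo_dir/production.key")"
rm -rf "$demo_dir"
```

Running the function as the first script line of a throwaway step that uses the same volumes shows whether the mount reached the plugin container before any handshake is attempted.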

@fredix

fredix commented Oct 29, 2017

hi @harryxu !
good job, I tried your config and it works well. @appleboy maybe you should update the doc with that tip?

@appleboy
Owner

appleboy commented Oct 30, 2017

@harryxu @fredix Already updated readme. See the updates: https://github.com/appleboy/drone-ssh#mount-key-from-file-path

@nemonik

nemonik commented Feb 11, 2018

I gave up using secrets...

:-(

It simply didn't work.

I'd set a secret in the GUI, via the drone CLI.

But this buried on the bottom of the front door worked

  deploy:
    image: appleboy/drone-ssh
    host: 192.168.0.11
    port: 22
    username: vagrant
    volumes:
      - /vagrant/.vagrant/machines/toolchain/virtualbox/private_key:/root/ssh/drone_rsa
    key_path: /root/ssh/drone_rsa
    command_timeout: 360
    script:
      - date
    when:
      branch: master

@nemonik

nemonik commented Feb 11, 2018

I tried

drone secret add --name TOOLCHAIN_SSH_KEY --value @/vagrant/.vagrant/machines/toolchain/virtualbox/private_key --repository root/helloworld-martini

And cutting and pasting the contents of /vagrant/.vagrant/machines/toolchain/virtualbox/private_key into the Drone Secret gui for a TOOLCHAIN_SSH_KEY

[vagrant@dev helloworld-martini]$ drone secret ls --repository root/helloworld-martini
TOOLCHAIN_SSH_KEY 
Events: push, tag, deployment
Images: <any>

then using a pipeline like so

  deploy:
    image: appleboy/drone-ssh
    host: 192.168.0.11
    port: 22
    username: vagrant
    ssh_key: [TOOLCHAIN_SSH_KEY]
    command_timeout: 360
    script:
      - date

And I could always from the command line:

ssh -i /vagrant/.vagrant/machines/toolchain/virtualbox/private_key [email protected]

@ghost

ghost commented Apr 29, 2018

So how do I generate the drone_rsa key in the drone container?

@ghost

ghost commented Apr 29, 2018

@harryxu Do we need to generate an ssh key inside the container? where does drone_rsa come from?

@harryxu

harryxu commented Apr 29, 2018

@itsnauman Use ssh-keygen command.

@ghost

ghost commented Apr 29, 2018

Inside the container? or do I mount a volume with the SSH key

@harryxu

harryxu commented Apr 30, 2018

@itsnauman You can generate ssh key on host os, and mount it to container.

@trepmag

trepmag commented Oct 28, 2019

The following drone.yml is failing with getKeyFile error: open /root/drone_rsa: no such file or directory:

kind: pipeline
name: default

steps:
- name: deploy code
  image: appleboy/drone-ssh
  settings:
    host: develop.example.com
    username: deploy
    volumes:
    - /home/drone/.ssh/id_rsa:/root/drone_rsa
    key_path: /root/drone_rsa
    script:
    - echo "Target host name:" `hostname`
    when:
      branch:
      - drone-setup

(Drone 1.6.1)

@trepmag

trepmag commented Oct 28, 2019

Syntax changed https://docker-runner.docs.drone.io/configuration/volumes/host/ which turns the above to:

kind: pipeline
name: default

steps:
- name: deploy code
  image: appleboy/drone-ssh
  volumes:
  - name: ssh_key
    path: /root/drone_rsa
  settings:
    host: develop.example.com
    username: deploy
    key_path: /root/drone_rsa
    script:
    - echo "Target host name:" `hostname`
    when:
      branch:
      - drone-setup

volumes:
- name: ssh_key
  host:
    path: /home/drone/.ssh/id_rsa

@zhangyongyu

zhangyongyu commented Dec 24, 2019

I gave up using secret...and using volumes and key_path works!

my pipeline

pipeline:
  deploy:
    image: appleboy/drone-ssh
    host: 10.xx.xx.123
    username: drone
    volumes:
      - /tmp/id_rsa:/tmp/id_rsa
    key_path: /tmp/id_rsa
    port: 22
    script:
      - echo "hello drone" > /tmp/hello.drone
